Set XmlRepository whem setting encryptor in DataProtection light-up (#117)

2017-11-01 10:14:50 -07:00 · 2017-11-01 10:14:50 -07:00 · c998d74e1d
parent 2143ef49c2
commit c998d74e1d
2 changed files with 33 additions and 1 deletions
--- a/sample/AzureAppServicesHostingStartupSample/Startup.cs
+++ b/sample/AzureAppServicesHostingStartupSample/Startup.cs
@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
@ -12,6 +13,7 @@ namespace IISSample
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDataProtection();
        }
        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
@ -60,6 +62,13 @@ namespace IISSample
                    await context.Response.WriteAsync(key + ": " + value + Environment.NewLine);
                }
                await context.Response.WriteAsync(Environment.NewLine);
                var protectorProvider = context.RequestServices.GetService<IDataProtectionProvider>();
                var protector = protectorProvider.CreateProtector("Purpose");
                await context.Response.WriteAsync("Protected Query: " + protector.Protect(context.Request.QueryString.Value) + Environment.NewLine);
                await context.Response.WriteAsync(Environment.NewLine);
            });
        }
--- a/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
+++ b/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 using System;
 using System.IO;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Azure.KeyVault;
@ -59,7 +61,28 @@ namespace Microsoft.AspNetCore.AzureKeyVault.HostingStartup
        internal virtual void AddDataProtection(IServiceCollection serviceCollection, KeyVaultClient client, string protectionKey)
        {
-            serviceCollection.AddDataProtection().ProtectKeysWithAzureKeyVault(client, protectionKey);
+            // Duplicates functionality from GetKeyStorageDirectoryForAzureWebSites in DataProtection
            // to detect key storage location when running on Azure
            // because you are not alowed to set IXmlEncryptor without setting IXmlRepository
            // Check that we are running in Azure AppServices
            var siteId = Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID");
            if (string.IsNullOrWhiteSpace(siteId))
            {
                return;
            }
            var home = Environment.GetEnvironmentVariable("HOME");
            if (string.IsNullOrWhiteSpace(home))
            {
                return;
            }
            var keyLocation = new DirectoryInfo(Path.Combine(home, "ASP.NET", "DataProtection-Keys"));
            serviceCollection.AddDataProtection()
                .ProtectKeysWithAzureKeyVault(client, protectionKey)
                .PersistKeysToFileSystem(keyLocation);
        }
        internal virtual void AddConfiguration(IConfigurationBuilder configurationBuilder, KeyVaultClient client, string keyVault)